The Register Columnists

Amberhawk Training

Contact Mail Follow RSS feed

Data protection, Brexit and campaigners: Privacy policy? Eh?

Were you phoned up by the Leave or Remain Campaigns on your ex-directory telephone number during the Referendum Campaign (probably in breach of PECR)? I was. If so, how did they get my number? How did one of the Campaigns, for example, know who was a Millwall fan so the caller from a Campaign gloated (sorry, I mean …
A cursor hovers over a Run/Save/Cancel dialog menu.

Marketing by opt-in, opt-out, consent or legitimate interest?

Blog If a=b and b=c then it follows that a=c. So, how does this set of simple equations relate to data protection? Well if direct marketeers, privacy advocates and supervisory authorities recognised that a=c then most of the debate concerning data protection and the marketing purpose would be settled. Don’t believe me? Just follow …

How 'flexible' can the UK actually be on EU data protection law?

If EU member states can, by law, exercise legislative “flexibility” when implementing 50+ Articles of the General Data Protection Regulation (GDPR), how can the regulation ever become harmonised across European Union? Pose this important question another way: given that the UK government intends to use legislative flexibility …
management strategy1

Here's one obscure little EU data protection rule that would be good

Those concerned with data protection and privacy have their work cut out in the UK. On top of understanding what the General Data Protection Regulation (GDPR) and the Data Protection Directive in the field of law enforcement both mean in practice, this week saw the publication of: the Investigative Powers Bill (which …

'Leave' or 'Stay' in the referendum? UK has to implement GDPR either way

Opinion “In” or “out”, the UK has to implement the General Data Protection Regulation (GDPR). This is important given that some organisations might think that a “Leave” vote might change matters with respect to the GDPR compliance (especially as the Cabinet minister responsible for GDPR implementation, John Whittingdale, is a prominent …

Privacy Shield: Data Protection Commissioners break out a six-pack

Hawktalk In this blog, I make a few comments about “Safe Harbor 2” (or the “Privacy Shield” to use the flash marketing term for the recently announced agreement). In summary, there is no published evidence that the Privacy Shield actually provides an adequate level of protection: so contrary to all those optimistic news reports, can you …

Draft super-snoop bill's data protection Code of Practice is a blank canvas – expert

IPB Today the Information Commissioner will give his views on the draft Investigatory Powers Bill to a cross party Parliamentary Committee examining it. The Bill proposes a power for the national security agencies to collect Bulk Personal Datasets (BPD) by a warrant signed by the Secretary of State which is subject to review by a …

UK says wider National Insurance number use no longer a no-no

UK government policy towards the wider use of the National Insurance Number (NINo) as a general identifier appears to have changed again. This ever-shifting policy now illustrates that well-known saying “What goes around comes around”. As is well known, the “general identifier” powers in the Data Protection Act (Schedule 1, …
Bond tries to decipher is tailor

Identifying terrorists: Let's find a value for needle in haystack

IPB So you're looking to stop a terrorist attack. What do you do? The choices are: (a) build the largest haystack about all the population because you know that the needle has to be in there “somewhere”; or (b) have the powers to look at all the relevant smaller haystacks that are around when you have inkling as to what kind of …

Here's the little-known legal loophole that permitted mass surveillance in the UK

This article explains the extent to which the national security agencies have been collecting bulk communications data using powers which are being exercised in a way that were never subject to Parliamentary scrutiny. Such data collection is neither subject to the relevant code of practice covering communications data nor to …

Understand 'Safe Harbor', Schrems v Facebook in under 300 words

'Safe Harbor' is now defunct because the European Court of Justice found the following: (a) There is no general privacy law or other measures enacted in the US that shows the US offers "an adequate level of protection" for personal data relating to European data subjects; (b) Public law enforcement authorities which obtain …
Spying image

Wide-ranging UK DATA SHARING moves one step closer

Comment I suspect the UK government is going to ditch the Law Commission recommendations on data sharing; this is because it wants a quick implementation of its own extensive data sharing proposals. In short, general data sharing powers are now on the political agenda again. This is the third time in a decade the government has tried to …
Privacy image

Scrapping the Human Rights Act: What about privacy and freedom of expression?

Comment According to most of the broadsheets, if there is a Conservative government after the next General Election, the European Court of Human Rights will no longer be able to overrule British courts. Under plans unveiled today at the Conservative Conference, Justice Secretary Chris Grayling is expected to state that a future …

If Google remembers whom it has forgotten, has it complied with the ECJ judgment?

Comment Google has received all kinds of plaudits for quickly introducing its “right to be forgotten” procedure. However, from what I have read in the press, its procedure for the removal of URLs is not fit for purpose. Google’s procedure appears to be defective. For the sake of argument, let’s assume that you want to have a URL removed …

Bizarre Tolkien-inspired GCHQ Xmas card CAN'T BE READ by us PLEBS

I have just received from the Dark Web, a samizdat copy of GCHQ’s Xmas card complete with cartoon from Chris Slane. The references (see below) provide a download of the complete Xmas card, which presumably can be printed out on cardboard in hard copy. I think we can assume that the card is genuine as it contains the exemption …
gavel_judgment_channel

£250k fine for dumping council workers' files in Tesco bins, er, binned

Comment I have just read the information tribunal decision and the reasons why the panel quashed the UK Information Commissioner’s £250,000 fine against the Scottish Borders council. The local authority was punished after a worker dumped employees' private data in bins at a nearby Tesco and another unnamed supermarket. It seems clear …

Irish watchdog won't probe Apple, Facebook over PRISM... but COULD IT?

Analysis Is the Irish Commissioner correct to claim that he can’t investigate Apple and Microsoft over PRISM? On Friday, Reuters reported that the Irish Office of the Data Protection Commissioner (ODPC) had refused to look at the transfers of personal data undertaken by Apple and Facebook to the United States. An Austrian student …

Of mice, the NSA, GCHQ and data protection

Comment Suppose you see a mouse in your house: is it likely to be the only mouse in your house? The relevance of the question will come apparent when we dig deeper into those infamous “black boxes” allegedly used by the USA’s National Security Agency1, the latest GCHQ mass interception fandango, and the responsibilities of the UK …

How Google lost the trust of Europe’s data protection authorities

Opinion Over the last two years, various European data protection commissioners have taken action against Google. Hardly a month goes by without something being reported: a €145,000 (£121,000, $189,000) StreetView fine here or a court case about jurisdiction there. So it is important to understand: “Why is Google on the receiving end …
source: http://defenseimagery.mil/assetDetails.action?guid=9462214573479c7e3ec71f8e6b8d7a454c668c50

Thatcher’s data protection legacy: Just fill out this 16-page form

Comment Successive UK governments have seen data protection more as a cost overhead to be minimised than as an essential protection for the individual in an electronic age. This view started with Margaret Thatcher’s first government and has endured for over three decades. During the 1970s, there were a number of white papers and reports …

Cameron's speech puts UK adoption of EU data directive in doubt

Opinion Cameron’s speech puts UK accession to any Data Protection Regulation and Directive in doubt. In yesterday’s speech on the relationship between the UK and the Europe Union, the Prime Minister raised doubts as to whether the UK will adopt both the proposed Data Protection Regulation and the Data Protection Directive in the field …

New laws to shackle and fine the Press? We've got PLENTY already

Analysis Prime Minister David Cameron has expressed "serious concerns and misgivings" over bringing in laws to underpin any new body to regulate the press. Mr Cameron told MPs that legislation backing a regulatory body underpinned by statute would "cross the Rubicon" by writing elements of press regulation into the law for the "first …
The Register breaking news

Gaping 'open data' loophole could leave your privates on display

Comment The government has just published its ideas for allowing general access to data, which includes the intention to grant individuals online access to their own personal data. In general, I support this measure but sadly, the Open Data White Paper (PDF) has not even considered that it has widened the privacy problems associated …
The Register breaking news

ICO could smack Google Street View with fine after all

In one of my blogs on Google Street View, I wrote that the Information Commissioner (ICO) could not serve a Monetary Penalty Notice (MPN) on Google when its software captured some personal data from household Wi-Fi systems. This assessment was based on the fact that Google published statements to the effect that only an …

Draft law lets council bods snoop your tax records

Opinion The Local Government Finance Bill, now before Parliament, is drafted in such a way that it could permit the routine disclosure of tax records and other personal data held by HMRC to council officers for several council tax-related purposes. The powers also allow HMRC to disclose such details directly to contractors of the …